Cryptographic Keys Security in the Cloud

  • Bushra AlBelooshi

Student thesis: Doctoral Thesis

Abstract

Cloud Computing is one of the most popular emerging trends in the world of Information Technology. It supplies ICT infrastructure, including servers, storage and networking, on demand in a pay-as-you-go fashion that attracts many customers to its deployment. Cloud providers lease virtual machines (VMs) to their clients; these VMs are controlled by cloud administrators who can run, stop, restore and migrate them. A typical threat to cloud VMs is unauthorized access by untrustworthy administrators to cloud users' sensitive information residing in the VMs' memory. Moreover, attackers who gain access to the management VM or to co-located VMs can easily steal sensitive information from the VMs' memory. In this thesis, we focus on the threat of users' cryptographic keys being stolen from the RAM of the VM they provision. We analyze experimentally the data remanence problem in the cloud; specifically, we show that AES keys can be easily extracted from VM RAM. As a solution, we propose a decrypt-scatter/gather-decrypt technique that allows users to carry out encryption and decryption while protecting their keys from unauthorized peeks by cloud administrators. Our technique does not require modifications to current cloud architectures, and is designed to be highly portable to existing cloud computation platforms. We implemented a prototype of the proposed approach using the AES encryption algorithm with different on-the-fly key scattering and gathering algorithms. We present a thorough security analysis and performance evaluation of the proposed solution for securing and hiding the cryptographic keys.
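As an added illustration (not the thesis's own prototype, which is not reproduced on this page), the following Python model shows one possible reading of the decrypt-scatter/gather-decrypt idea: at rest the key exists only as XOR shares written to random offsets of a simulated RAM buffer, and it is reassembled in a fresh buffer just for the moment of use and wiped afterwards. The XOR-share construction, the simulated RAM region and the omission of the AES cipher itself are assumptions made for the demonstration.

```python
import secrets

KEY_LEN = 16  # AES-128 key size; the cipher itself is left out of this model

class ScatteredKey:
    """Key held as XOR shares at random offsets of a simulated RAM region."""

    def __init__(self, key: bytes, ram: bytearray, n_shares: int = 4):
        assert len(key) == KEY_LEN and n_shares >= 2
        self.ram, self.offsets = ram, []
        # XOR secret sharing: shares[0] ^ ... ^ shares[n-1] == key
        shares = [secrets.token_bytes(KEY_LEN) for _ in range(n_shares - 1)]
        last = bytes(key)
        for s in shares:
            last = bytes(a ^ b for a, b in zip(last, s))
        shares.append(last)
        # scatter: each share goes to a distinct, randomly chosen 16-byte slot
        slots = list(range(0, len(ram) - KEY_LEN + 1, KEY_LEN))
        for share in shares:
            off = slots.pop(secrets.randbelow(len(slots)))
            ram[off:off + KEY_LEN] = share
            self.offsets.append(off)

    def gather(self) -> bytearray:
        """Reassemble the key for one operation; caller wipes it right after."""
        key = bytearray(KEY_LEN)
        for off in self.offsets:
            for i in range(KEY_LEN):
                key[i] ^= self.ram[off + i]
        return key

def wipe(buf: bytearray) -> None:
    """Overwrite a gathered key buffer so it does not linger in RAM."""
    for i in range(len(buf)):
        buf[i] = 0

def key_visible_contiguously(ram: bytearray, key: bytes) -> bool:
    """What a raw memory peek would find: the whole key as one run of bytes."""
    return bytes(ram).find(key) != -1

def demo():
    key = secrets.token_bytes(KEY_LEN)   # constructed throw-away key
    ram = bytearray(4096)                # constructed stand-in for VM RAM
    sk = ScatteredKey(key, ram)
    at_rest = key_visible_contiguously(ram, key)   # False: only shares are present
    gathered = sk.gather()               # key exists whole only for this window
    ok = bytes(gathered) == key
    wipe(gathered)
    return at_rest, ok
```

Python cannot guarantee that the original `key` object is erased, so a real implementation would keep the plaintext key only in a wipeable buffer; the model shows the at-rest and gather windows, not a production key store.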
Date of Award: Jun 2016
Original language: American English

Keywords

  • Cloud computing
  • cloud security encryption keys
  • VM RAM security
  • memory protection
  • memory forensics
